Bug 1302385 - java-1.7.0-openjdk: Disable the RC4 cipher by default
java-1.7.0-openjdk: Disable the RC4 cipher by default
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: java-1.7.0-openjdk (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Andrew John Hughes
Lukas Zachar
Robert Krátký
Depends On:
Blocks: 1297579 1313485
  Show dependency treegraph
Reported: 2016-01-27 11:48 EST by Andrew John Hughes
Modified: 2016-11-03 18:59 EDT (History)
5 users (show)

See Also:
Fixed In Version: java-1.7.0-openjdk-
Doc Type: Release Note
Doc Text:
RC4 is now disabled by default in OpenJDK 6 and OpenJDK 7 Earlier _OpenJDK_ packages allowed the RC4 cryptographic algorithm to be used when making secure connections using Transport Layer Security (TLS). This algorithm is no longer secure, and it has been disabled in this release. To retain its use, it is necessary to revert to the earlier setting of the `jdk.tls.disabledAlgorithms` of `SSLv3, DH keySize < 768`. This can be done permanently in the `<java.home>/jre/lib/security/java.security` file or by adding the following line: jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768 to a new text file and passing the location of that file to Java on the command line using the `-Djava.security.properties=<path to file>` argument.
Story Points: ---
Clone Of:
Last Closed: 2016-11-03 18:59:01 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Andrew John Hughes 2016-01-27 11:48:28 EST
Clone of bug 1217132 for RHEL 7.
Comment 4 Robert Krátký 2016-04-12 06:54:46 EDT
Hi Andrew,

This bug has been selected for inclusion in 7.3 Release Notes. Could you please add info to the Docs Text field, so that I can use it to formulate the release note?

Perhaps it could be lumped together with bug #1302383?

Comment 5 Andrew John Hughes 2016-04-12 12:16:44 EDT
Hi Robert,

Yes, that sounds like the right approach. We did the same for this pair of bugs in RHEL 6.8, and you should just be able to re-use the documentation text from bug #1217131 to cover both this and bug #1302383.
Comment 6 Robert Krátký 2016-04-12 12:44:02 EDT
Great, thanks, Andrew. I didn't notice the 6.8 bug.
Comment 9 errata-xmlrpc 2016-11-03 18:59:01 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.